TC October 2009

Developments in the SpamPots Project

FIRST Technical Colloquium (Plenary)

Thursday — October 22nd, 2009 11:15

The SpamPots Project objective is to measure the abuse of end-user machines to send spam. This project is conducted by CERT.br and sponsored by NIC.br, the executive branch of the Brazilian Internet Steering Committee. In the first phase of the project we used 10 low-interaction honeypots, placed in 5 different Brazilian broadband/cable providers, and collected data about the abuse of home computers as part of the spam infrastructure. Currently, we are working on better ways to collect and correlate data seen in different networks and, together with a Brazilian Federal University, developing new data mining algorithms to process spam. Now we have moved to the next phase of the project, which is based on the deployment of honeypots worldwide.

We hope this phase will give us a global and better view of the problem. The presentation will show a brief review of the first phase and the developments of the current one.

Presenters

  • Marcelo Chaves (CERT.br — The Brazilian Internet Steering Committee, BR) BR

    Marcelo Chaves is a Security Analyst at CERT.br, the Brazilian National CERT, maintained by NIC.br, from the Brazilian Internet Steering Committee. He has a degree in Computer Science, and a Masters in Applied Computing, focused on network security, by the National Institute for Space Research (INPE). Marcelo worked as an incident handler and currently is more involved with R&D, specially with the development of tools, based on honeypots and honeynets, to better understand current attack trends, correlating this data with incidents reported to CERT.br.

    Marcelo has been a speaker in several national and international events, talking about many different information security topics, including incident handling, honeypots, online fraud, and spam.